
8 Steps to Better Security
Description
In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps.
Written to be accessible to non-technical businesspeople as well as security professionals, and with insights from other security industry leaders, this important book will walk you through how to:
* Foster a strong security culture that extends from the custodial team to the C-suite
* Build an effective security team, regardless of the size or nature of your business
* Comply with regulatory requirements, including general data privacy rules and industry-specific legislation
* Test your cybersecurity, including third-party penetration testing and internal red team specialists
Perfect for CISOs, security leaders, non-technical businesspeople, and managers at any level, 8 Steps to Better Security is also a must-have resource for companies of all sizes, and in all industries.
Content
- Cover
- Title Page
- Copyright Page
- About the Author
- Acknowledgments
- Contents
- Foreword
- Introduction
- Chapter 1 Step 1: Foster a Strong Security Culture
- Kevin Mitnick, Human Hacker Extraordinaire
- The Importance of a Strong Security Culture
- Hackers Are the Bad Guys, Right?
- What Is Security Culture?
- How to Foster a Strong Security Culture
- Security Leaders on Security Culture
- What Makes a Good CISO?
- The Biggest Mistakes Businesses Make When It Comes to Cybersecurity
- The Psychological Phases of a Cybersecurity Professional
- Chapter 2 Step 2: Build a Security Team
- Why Step 2 Is Controversial
- How to Hire the Right Security Team...the Right Way
- Security Team Tips from Security Leaders
- The "Culture Fit"-Yuck!
- Cybersecurity Budgets
- Design Your Perfect Security Team
- Chapter 3 Step 3: Regulatory Compliance
- What Are Data Breaches, and Why Are They Bad?
- The Scary Truth Found in Data Breach Research
- An Introduction to Common Data Privacy Regulations
- The General Data Protection Regulation
- The California Consumer Privacy Act
- The Health Insurance Portability and Accountability Act
- The Gramm-Leach-Bliley Act
- Payment Card Industry Data Security Standard
- Governance, Risk Management, and Compliance
- More About Risk Management
- Threat Modeling
- Chapter 4 Step 4: Frequent Security Testing
- What Is Security Testing?
- Security Testing Types
- Security Audits
- Vulnerability Assessments Versus Penetration Testing
- Red Team Testing
- Bug Bounty Programs
- What's Security Maturity?
- The Basics of Security Audits and Vulnerability Assessments
- Log Early, Log Often
- Prepare for Vulnerability Assessments and Security Audits
- A Concise Guide to Penetration Testing
- Penetration Testing Based on Network Knowledge
- Penetration Testing Based on Network Aspects
- Security Leaders on Security Maturity
- Security Testing Is Crucial
- Chapter 5 Step 5: Security Framework Application
- What Is Incident Response?
- Preparation
- Identification or Analysis
- Containment, Mitigation, or Eradication
- Recovery
- Post-incident
- Your Computer Security Incident Response Team
- Cybersecurity Frameworks
- NIST Cybersecurity Framework
- ISO 27000 Cybersecurity Frameworks
- CIS Controls
- COBIT Cybersecurity Framework
- Security Frameworks and Cloud Security
- Chapter 6 Step 6: Control Your Data Assets
- The CIA Triad
- Access Control
- Patch Management
- Physical Security and Your Data
- Malware
- Cryptography Basics
- Bring Your Own Device and Working from Home
- Managed Service Providers
- The Dark Web and Your Data
- Security Leaders on Cyber Defense
- Control Your Data
- Chapter 7 Step 7: Understand the Human Factor
- Social Engineering
- Phishing
- What Can NFTs and ABA Teach Us About Social Engineering?
- How to Prevent Social Engineering Attacks on Your Business
- UI and UX Design
- Internal Threats
- Hacktivism
- Chapter 8 Step 8: Build Redundancy and Resilience
- Understanding Data and Networks
- Building Capacity and Scalability with the Power of the Cloud
- Back It Up, Back It Up, Back It Up
- RAID
- What Ransomware Taught Business About Backups
- Business Continuity
- Disaster Recovery
- Chapter 9 Afterword
- Step 1
- The Most Notorious Cyberattacker Was Actually a Con Man
- A Strong Security Culture Requires All Hands on Deck
- Hackers Are the Good Guys, Actually
- What Is Security Culture?
- What Makes a Good CISO?
- The Psychological Phases of a Cybersecurity Professional
- Recommended Readings
- Step 2
- Tackling the Cybersecurity Skills Gap Myth
- Take "Culture Fit" Out of Your Vocabulary
- Your Cybersecurity Budget
- Recommended Readings
- Step 3
- Data Breaches
- Data Privacy Regulations
- Risk Management
- Recommended Readings
- Step 4
- Security Audits
- Vulnerability Assessments
- Penetration Testing
- Bug Bounty Programs
- Recommended Reading
- Step 5
- Incident Response
- Cybersecurity Frameworks
- Recommended Reading
- Step 6
- The CIA Triad
- Access Control
- Patch Management
- Physical Security
- Malware
- Cryptography
- BYOD and Working from Home
- Data Loss Prevention
- Managed Service Providers
- Recommended Reading
- Step 7
- Social Engineering
- UI and UX Design
- Internal Threats
- Recommended Readings
- Step 8
- Cloud Networks
- Data Backups
- Business Continuity and Disaster Recovery
- Recommended Readings
- Keeping Your Business Cyber Secure
- Index
- EULA
System requirements
File format: PDF
Copy-Protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.